GENERAL INFORMATION

Who we are

The website candygym.fitness is operated by CandyGym FZ-LLC., a private company incorporated under the laws of UAE, CandyGym FZ-LLC, Bay Square Building 12, office 305, Business Bay. Dubai. P.O.BOX : 88 777.

This Privacy Policy explains how we collect and process your personal data when you:

• browse our website;
• create an account or place an order;
• sign up for newsletters or marketing;
• contact our customer service;
• submit documentation to verify that you are a qualified researcher.

All processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Dubai data-protection rules.

WHAT PERSONAL DATA WE PROCESS IF YOU CREATE AN ACCOUNT

If you register an account we process:

• First and last name
• Date of birth (optional)
• E-mail address and telephone number
• Saved shipping / billing addresses
• Order history, favourites and product reviews

We use this data to perform our contract with you, comply with legal obligations (e.g. invoicing) and pursue our legitimate interest in understanding customer preferences.

WHAT PERSONAL DATA WE PROCESS WHEN YOU BROWSE THE WEBSITE

When you merely browse, we collect:

• Partial IP address and approximate location
• Device and browser type, plug-ins, operating system, time-zone
• Click-stream data, page-response times, error logs, scrolls and mouse-overs

Processing is based on our legitimate interest in improving site performance and security.

WHAT PERSONAL DATA WE PROCESS WHEN YOU SUBSCRIBE TO OUR NEWSLETTER

If you opt-in, we store:

• E-mail address
• Interaction data (opens, clicks)

You may withdraw consent at any time via the “unsubscribe” link in every e-mail.

WHAT PERSONAL DATA WE PROCESS WHEN YOU CONTACT CUSTOMER SERVICE OR SEEK SCIENTIFIC VERIFICATION

When you contact us by webform, e-mail or phone, or when you upload documentation to prove you are a qualified researcher, we may process:

• Name, e-mail address and phone number
• Order number or research-institution details
• Government-issued ID or professional credentials (when required to confirm eligibility to purchase research-only compounds)
• IP address and any other information you choose to share

Processing is necessary to answer your enquiry and—where applicable—to meet our legal and regulatory obligations regarding controlled or research-only materials.

CATEGORIES OF DATA WE ALWAYS PROCESS

Category Examples Legal basis (Art 6 GDPR)

Identification & Contact Name, address, e-mail, phone (b) Contract, (c) Legal obligation

Researcher-Qualification Academic or professional proof, ID (c) Legal obligation, (f) Legitimate interest

Financial & Transaction Payment method, amount, fraud-prevention tokens (card data handled only by PCI-compliant providers) (b) Contract

Technical & Usage IP, device, cookies, logs (f) Legitimate interest

Marketing & Communication Opt-in status, preferences (a) Consent

WHY WE PROCESS YOUR DATA

• Fulfil and ship your orders
• Provide secure account access
• Verify you are legally permitted to purchase research-only substances
• Process payments and prevent fraud
• Send transactional messages (order confirmations, shipping updates)
• Send marketing you have requested
• Improve our website, products and customer experience
• Comply with bookkeeping, product-safety and export-control laws

SHARING PERSONAL DATA

We never sell personal data. We share it only with:

• Payment processors, e-commerce platforms and warehousing partners
• IT-security, cloud-hosting and analytics vendors
• Professional advisers (legal, tax, accounting)
• Regulators, customs or law-enforcement where legally required
• Successors in the case of a merger or asset transfer

All third parties are bound by confidentiality and may process data only on our instructions.

INTERNATIONAL TRANSFERS

If we transfer personal data outside the European Economic Area, we rely on:

• an adequacy decision of the European Commission; or
• Standard Contractual Clauses plus supplementary measures.

COOKIES & TRACKING TECHNOLOGIES

We use first- and third-party cookies classified as Strictly Necessary, Performance, Functionality and Targeting. You can adjust cookie preferences at any time via our Cookie Settings banner. Details are provided in our separate Cookie Policy

AGE & RESEARCHER QUALIFICATION

By using this site you confirm that you:

1. are at least 18 years old (or the age of majority in your jurisdiction), and
2. are a qualified researcher purchasing for laboratory use only—not for human or veterinary consumption.

We may request proof and will cancel orders that fail verification.

SECURITY

We apply appropriate technical and organisational measures, including:

• TLS (SSL) encryption of data in transit and AES-256 encryption at rest
• Access controls and staff training.
• Regular penetration testing and security audits.
• 3-D Secure and Strong Customer Authentication (SCA) for online card payments.

No internet transmission is 100 % secure, but we follow PCI-DSS and industry best practices.

DATA RETENTION

We retain personal data only as long as necessary:

• Orders and invoicing — 10 years (statutory)
• Marketing consents — until you withdraw consent
• Researcher-qualification files — 5 years after last purchase or as required by law
• Server logs — 12 months

After expiry we securely erase or anonymise data.

YOUR RIGHTS

You may at any time:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase data (“right to be forgotten”)
• Restrict or object to processing
• Receive your data in a portable format
• Withdraw consent (for marketing)

To exercise these rights, e-mail us at [ info@candygym.fitness ]. We will respond within one month. You also have the right to lodge a complaint with the Dubai Data Protection Authority or your local supervisory authority.

CHANGES TO THIS PRIVACY POLICY

We may update this notice to reflect legal, technical or business developments. Material changes will be announced prominently on the website and, where appropriate, by e-mail. The date at the top indicates the latest revision.